Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers, merchants and customers.
“We recently detected unusual activity within our environment traced to a third-party service provider for our Support Team” the company said on Monday, February 3, 2025.
“We immediately terminated the account’s access and removed the service provider from our systems altogether.”
The following data was accessed, varying by individual: Names, email addresses and phone numbers, as well as partial payment card information for a subset of campus diners (card type and last four digits of the card number).
The threat actor also accessed hashed passwords for certain legacy systems, and the company rotated any passwords that was believed might have been at risk.
GrubHub has not disclosed whether it was targeted by a ransomware attack, and as of this writing, no known ransomware group has claimed responsibility.
Grubhub is a popular food-ordering and delivery platform with more than 375,000 merchants and 200,000 delivery providers using its platform in more than 4,000 US cities.
Read more about it here.